Hacking away at kiddie porn

(IDG) -- In February, the information systems department at Sonoma State University in Rohnert Park, Calif., learned that child
pornography was being stored on a server somewhere on campus.

The tip-off message to IS included the exact IP address. In Sonoma State's system, each IP address is associated
with a specific port. This one was a direct Internet connection in a dormitory. The IS staff captured images flowing into
and out of the port before university police made the arrest.

"It only took us a couple of hours to catch the guy," says Sam Scolise, Sonoma State's information technology
director. "But it was a very depressing day for our staff because of the horrible things they saw."

Sonoma State received its initial tip from what some might consider an unlikely source: a Swedish hacking group.

In the battle against child pornography, one of the authorities' best allies turns out to be hackers, the ultimate haters of
authority. Although police won't acknowledge them publicly, some hacking groups informally assist law enforcement
agencies in both technical training and evidence gathering.

U.S. Customs, the Federal Bureau of Investigation and other agencies have set up undercover units to combat child
pornography. But because of limited funding and scarce technical resources, they fight an uphill battle. Customs
experienced a 185% jump in child pornography cases last year alone - yet has only three agents dedicated to
working them.

"There's so much out there. It's impossible for agents to keep up," says Senior Special Agent Don Huycke, national
program manager of U.S. Customs' child pornography enforcement program, which has its headquarters in Sterling,
Va.

From October 1996 through April 1998, U.S. Customs made 403 arrests related to the interstate transport of child
pornography, including 175 last year alone.

Although the FBI got a later start, its caseload mushroomed during the same period. Since its inception, the FBI
program has resulted in 407 searches and 192 convictions against people who use online services to recruit children
into illicit sexual relationships and those who distribute pornographic images of children.

With miniscule funding, volunteer hacker groups have an even harder time keeping up. "When we started in summer
1997, we got inundated quickly with people saying they found terrible sites and would we please check them out,"
says 21-year-old hacker and college student "RSnake," who heads the 15-member Ethical Hackers Against Pedophilia
(EHAP) group from his Northern California apartment.

"We were working eight hours a day on this, and our database grew so quickly we looked for donors to give us space,"
he says.

Their own game

Hackers and police alike try to beat pedophiles at their own game by trolling the Internet posing as teens. These are
the same tactics used in the real world by law enforcement agents such as U.S. Postal Inspectors.

Once images are passed or other obvious evidence of pedophilia is observed, investigators try to talk perpetrators into
offering personal, identifying information. Failing that, they wait for suspects to set up a face-to-face meeting. "The
moment they cross state lines for the purpose of engaging in sex with a minor, they see five or six agents instead of a
14-year-old," says FBI Special Agent Larry Foust.

If they can't lure suspects, investigators use proprietary technology and investigative techniques to electronically track
and trace byte trails, either to pedophiles' personal machines or to the servers that house the images.

Even when agents complete such traces, they often find the server space pirated from a legitimate business that has
no knowledge of what is stored there. Agents say that makes it even more difficult to find the actual owners of the child
pornography.

RSnake says he has passed on tracking programs and training materials to law enforcement agencies. Another group,
www.pedowatch.com, offers a free, downloadable tool called Digger Engine, along with detailed techniques to trace
Internet Relay Chat users and Usenet posts.

The uneasy relationship between hackers and law enforcement has come with a lot of hard knocks. RSnake says he
made a few blunders in the beginning, but that he and his 14 cohorts have now learned to do their sleuthing within the
boundaries of the law.

Federal training

Agents and officers also receive training from a Sacramento, Calif.-based organization called System for Electronic
Analysis and Retrieval of Evidence, or Search. The group is funded by a grant from the U.S. Department of Justice.

"We teach investigators how to go undercover and identify where these pedophiles hang out - basically, how to patrol
cyberspace," says Fred Cotton, Search's director of training. "The Internet is one big network. These perps have got to
be somewhere."

But Search conducted only two classes dedicated to online child pornography last year. Cotton blames this on a lack
of funding and human resources.

U.S. Customs was the first agency to take action against online child pornography during the bulletin board service
craze in 1989. But no one in Huycke's tiny department knew how to investigate bulletin board service cases. Mostly,
they just watched them for posted images.

In 1992, the department caught a break in the form of a perpetrator who talked a lot. He showed Huycke's agents the
hot bulletin boards and how to receive images electronically. "We didn't have any way to learn this without the bad
guys showing us," Huycke says.

Money and people

The FBI's fight against child pornography received a $10 million budget allocation from Congress a year and a half ago,
which was used to increase staff to 60 agents.

But U.S. Customs and most local agencies sorely lack human resources, training and funds. And because they
receive absolutely no outside funding, hacking groups are dropping like flies. Last year, Southern California-based
Hackers Against Kiddie Porn folded. According to RSnake, EHAP isn't far behind.

Law enforcement agencies and hacker groups agree that what's really needed is a permanent budget increase and
more educated and technically trained investigators. They also urge parents to find out what their kids are doing on the
Internet and control children's access privileges. Sonoma County Prosecuting District Attorney Gary Medvigy says,
"The more people volunteer as pedo-watchers and the more parents who put on software blocks to protect their own
kids, the more it will help us deal with this problem."

It was Medvigy who prosecuted Noah Alan Pal, the 19-year-old who was caught using the Sonoma State server.

In May, Pal pleaded guilty to possession of child pornography. In July, he was sentenced to eight months in jail,
psychiatric evaluation, forfeiture of his computer and three months' probation.

"The university's IT department did a great job," Medvigy says. "And I think it's great that hackers, with their talent,
report these sites to law enforcement."

Radcliff is a freelance writer in Northern California. Her Internet address is derad@aol.com.